Report - nsw2u.com/onimusha-warlords-switch-xci-nsp

Report Overview

Visited public
2023-09-23 14:46:26
Tags
URL
nsw2u.com/onimusha-warlords-switch-xci-nsp
Finishing URL
nsw2u.com/onimusha-warlords-switch-xci-nsp
IP / ASN
104.21.88.34
#13335 CLOUDFLARENET
Title
Onimusha: Warlords Switch XCI NSP | nsw2u.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-09-23 06:38:57	461 B	8.9 kB	142.250.74.106
definedbootnervous.com	unknown	2023-05-22	2023-05-22 04:09:17	2023-09-19 09:25:33	435 B	12 kB	173.233.137.36
pixel.wp.com	2545	1997-03-28	2017-01-30 06:31:40	2023-09-23 05:10:23	497 B	239 B	192.0.76.3
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-09-23 11:30:52	443 B	25 kB	45.133.44.10
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-09-23 11:41:12	409 B	843 B	172.64.110.37
lilacsloppy.com	unknown	unknown	No data	No data	476 B	467 B	192.243.61.225
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-09-23 07:48:37	1.3 kB	229 kB	142.250.74.168
addresseepaper.com	18169	2021-11-01	2021-11-01 22:11:31	2023-09-23 14:21:39	397 B	0 B	0.0.0.0
stats.wp.com	2711	1997-03-28	2017-01-30 06:06:59	2023-09-23 05:10:21	400 B	11 kB	192.0.76.3
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-23 05:09:29	2.3 kB	4.9 kB	142.250.74.131
c0.wp.com	6988	1997-03-28	2018-09-24 17:59:05	2023-09-23 05:10:20	5.7 kB	306 kB	192.0.77.37
phenomenonwhilstsleek.com	unknown	2023-09-14	2023-09-14 14:14:18	2023-09-23 06:32:10	3.1 kB	29 kB	192.243.61.227
secure.gravatar.com	1671	2004-07-15	2012-05-22 07:36:38	2023-09-23 05:12:55	1.9 kB	9.5 kB	192.0.73.2
www.google-analytics.com	40	2005-07-18	2012-10-03 03:04:21	2023-09-22 18:58:59	410 B	53 kB	216.239.34.178
intorterraon.com	unknown	2022-08-02	2022-08-02 13:41:34	2023-09-23 05:05:02	1.9 kB	32 kB	139.45.197.239
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20 16:52:05	2023-09-23 09:07:30	447 B	51 kB	142.250.74.98
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-09-23 05:11:31	453 B	738 B	139.45.195.8
nsw2u.com	unknown	2020-12-05	2020-12-20 03:30:48	2023-09-10 19:48:09	16 kB	614 kB	104.21.88.34
i0.wp.com	3021	1997-03-28	2013-09-17 08:14:42	2023-09-23 05:11:02	4.9 kB	56 kB	192.0.77.2
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-09-23 05:09:40	1.4 kB	8.0 kB	104.17.24.14
3.bp.blogspot.com	11048	2000-07-31	2012-05-21 18:26:21	2023-09-23 09:55:17	514 B	11 kB	142.250.74.161
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-09-23 05:11:37	424 B	416 B	35.157.129.203
mgnetu.com	93129	2019-07-12	2019-07-13 13:27:43	2023-08-01 20:10:25	405 B	2.9 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	bp.blogspot.com	Sinkholed
2023-09-23	medium	definedbootnervous.com	Sinkholed
2023-09-23	medium	intorterraon.com	Sinkholed
2023-09-23	medium	intorterraon.com	Sinkholed
2023-09-23	medium	banquetunarmedgrater.com	Sinkholed
2023-09-23	medium	addresseepaper.com	Sinkholed
2023-09-23	medium	intorterraon.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (70)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	327 B	2023-06-05	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 20:48 Last Seen2024-08-21 08:54 Times Seen22 Hash 0a55a8928cbca5bfac5a66c1723452e6 9f786632275f60fbb585193fa762b0dc5e711a51 7528db72a98a32805f731cc62e8a47bf9218f6e7d02183d9c77e73868e8884a0 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.30	ScriptElement	21 B	2023-08-13	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.30 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 04:23 Last Seen2024-08-21 08:54 Times Seen24 Hash 169a5dd1261e0d434162d1af68acbbcd c18d59ed069049b012a61a8e6b958bfb25bc1b71 82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38 Loading...

	unknown	ScriptElement	81 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 19b57c84a46f3d446738e56f059d231a b99e9bc56ed2eabbeec312bc07f9dcfe9c250576 95f241435fb84c94e53b2e80ac20484e24aef9cb96bdd4f8698522973078c78d Loading...

	unknown	ScriptElement	53 B	2023-03-12	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen22 Hash d3ead7e34b8fbb76cb63a9a39943859e 63fd3f10bd402ea5cc976e7bb1a45094edc3c9b7 9e66e7b215400aaa09d635b39effef5986bfb2e86a789c6fd4b8b36ffa52ba09 Loading...

	nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-05-09
Pretty URL nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 08:20 Times Seen31212 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js	ScriptElement	1.1 kB	2023-09-23	2024-08-21
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2024-08-21 05:56 Times Seen3 Hash 88a56359f7dffbc40097f556c77d1f65 210854a30f42d58ad49d667bf3bcd910390a433d 6c8a7107087922232346d20de5afe9fd50136ffea11bdfd14cb483f7d7909061 Loading...

	unknown	ScriptElement	244 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 5e1397559b52678c20f48fca1438aa84 8ba72e63cb5929223323d91aee4d8a154d878036 a4e5543f64fe18f89986e79d0e55dd2348aa2c0e2a629f333544b1ea824d50f8 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188	ScriptElement	701 B	2023-05-10	2025-05-06
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 12:45 Last Seen2025-05-06 09:54 Times Seen3090 Hash 328b8123661abdd5f4a0c695e7aa9dcc 4164f78bb52e9f2bfbb7ae5fd519b4638063c1f0 27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2 Loading...

	unknown	ScriptElement	79 B	2023-03-07	2025-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-07 12:03 Times Seen635 Hash ab1b0ef42311479d7559bffd29ef8d7d ba1509057a5f82563a2b55a7379f4825fe35bcab 37bf8b4db5288941c20c28fd7c0b201d2270201a94739d64462744ffe6b52f79 Loading...

	unknown	ScriptElement	145 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 08:54 Times Seen22 Hash a23ba5b3c2d71c61ef5b40a4b5d84a17 8732a5e5f3d3bd88ddedb1cd24c2d17363e019d0 c2ec440a15201b83bbb8914f9e52de7f4455e44a992f6ab761b5bd62f3a1045b Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/dist/i18n.min.js	ScriptElement	9.4 kB	2023-08-08	2025-05-09
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/dist/i18n.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25 Last Seen2025-05-09 05:45 Times Seen13722 Hash c2c4e2a562e06e1cb22293a5b920aca6 a7b5a369ac4883f1ee7fa701b238d20238b675ca 698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f Loading...

	www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c	ScriptElement	228 kB	2023-09-23	2023-09-23
Pretty URL www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2023-09-23 16:46 Times Seen1 Hash c642d753bc292d1917d82a7dfd96a288 3c5d0b7b062283c52e8f56d8c7d15608091529bb 0a92c971ebb59e60255d8a2b4dc23ae99bcf9d163c33ef6a2c5ccd4a79c1563c Loading...

	mgnetu.com/js/full-page-script.js	ScriptElement	2.2 kB	2023-03-07	2024-08-21
Pretty URL mgnetu.com/js/full-page-script.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:09 Last Seen2024-08-21 05:56 Times Seen7 Hash 0b5575b464c59ab1643828748319eaf6 b8e9a1900f5b8f7ba29f2ce8cc416d50aeb9e5a7 c947c088e417f2ff882c9867391df61aa1318929ce277b1c797ae823449c9c0c Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1	ScriptElement	1.9 kB	2023-03-07	2025-05-06
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32 Last Seen2025-05-06 05:05 Times Seen982 Hash f6a3dd4ecbf227acbafcff33d68dc71d 7421115ddcd5d436b89a1fd27e0cdce5a01978e6 30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1	ScriptElement	3.1 kB	2023-03-07	2025-05-04
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06 Last Seen2025-05-04 15:48 Times Seen326 Hash 94279a9a0c4060a96efcf1da47716f86 ea88b3fd8b01a8b86edfd0f4120cc9a834893018 d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.4.8	ScriptElement	3.9 kB	2023-03-29	2025-01-30
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.4.8 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:02 Last Seen2025-01-30 22:02 Times Seen58 Hash 87015559c535c9314bb1a8d6ed05597e b9e3b22a2bd7457d044551d5126a29bae25489a9 e5903bfc201247ffb215a9c8ca6b66cf2b77d63dc7c7953937619535dd394a7e Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js	ScriptElement	14 kB	2023-05-09	2025-05-09
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-05-09 08:24 Times Seen105641 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	unknown	ScriptElement	68 B	2023-03-07	2025-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 08:22 Times Seen24186 Hash d30f13da1f424ee0383b76edc55881e1 7e348a5f57ab13eedbc4ed917cdeee5bb9f9bd46 cf01a621447e67a81629bc28276677c86c48fd72c44cba83a82448574aadfd60 Loading...

	nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.4.8	ScriptElement	8.0 kB	2023-03-29	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.4.8 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:25 Last Seen2024-08-21 08:58 Times Seen45 Hash e65cb4d4cd399c1b09798edfcea1b41e 49a2a4a502ac7e2c15727c3b7fd6e3d9d5960ff2 d2e0e4ea817ec2075d8ad25c70e9c8e124df393088286cfe1e75dd56069abc2b Loading...

	nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843	ScriptElement	11 kB	2023-03-08	2025-05-02
Pretty URL nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:27 Last Seen2025-05-02 18:54 Times Seen1838 Hash 94bc4228bb5941670e191e40a6bc44bd ad06418894462185e7eecc1421310f552e1e5e36 5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527 Loading...

	banquetunarmedgrater.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL banquetunarmedgrater.com/advertisers.js IP 172.64.110.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 08:59 Times Seen4635005 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115	ScriptElement	880 B	2023-03-07	2025-05-06
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:25 Last Seen2025-05-06 00:28 Times Seen96 Hash 88744222f59f4700c6bc9212e12a653c df0bf43d60bed605eabbcb2776e0fbb46f1d1c05 4b179f8204186f3aa954f47cd81dbe86bf89c08edb8d5341b8e0697d99e35073 Loading...

	unknown	ScriptElement	70 B	2023-03-08	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:05 Last Seen2024-08-21 08:58 Times Seen63 Hash dab1184244d47ac25667c940eff90dfc 6cd473b92e1956bd305f0056a46f18b6a4dfd80f 071ab71aea40b26ed6bb74deeb4fb203bd381f3e418588089f4a46d36b3daa07 Loading...

	unknown	ScriptElement	134 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 8a62231217b950825e9d79df9658b650 c7c3966ef54877b0e94635e527aa91a6e4106f7a 265e1c882fb65dbbd65774a8aad785c1ae99a54ad2324849e8b5460f2640dbc7 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js	ScriptElement	6.2 kB	2023-09-23	2024-08-21
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2024-08-21 05:56 Times Seen8 Hash 38fca9e0ca205130e3dddbdcda3b4a85 2c0ac19235a88fb361aff39bc0922e4b946c2c5e 43c8d614ba6e97fd9ee9dcf0ae49334ed5d601403ffe8551a74e1a9faf70efaa Loading...

	unknown	ScriptElement	3.4 kB	2023-08-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-13 04:23 Last Seen2024-08-21 08:54 Times Seen12 Hash 56707025a82573f275588f90b350d3ad f13b7c18e940908856144a8a4783f01984c5c4a7 163e5c7829763a6443786bf0b88bdf7756c6500d6394ecd344a02dd9ba947d27 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 255352eb0599c632fd61a8c9274bb74b 25b8a6eff8b12147ead6bb8f7e432970aedcf70d 60c2f97b47ccf291cf74d0283a1f26cd7c14f334d52ff8e267a6ad2ee3c75b45 Loading...

	www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c	ScriptElement	214 kB	2023-09-23	2023-09-23
Pretty URL www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2023-09-23 16:46 Times Seen1 Hash 94a1f1217aa742cf3e5102c272561c3f 93a910b1fe1e0dd69a3f9647d5d7de4fa6574b99 76d6676bd598492d6157f2d0ede1d3c5e9486faa353ed3c51f6394616c62a0df Loading...

	unknown	ScriptElement	56 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 3c9cd9b778fbc772a7dcdc09a684a139 a3e8b9e80aae79bbf2912b0438959d601fc2ad9b 324a67a26574563f5ef431d889bbbe688fc66ed0ac183325f2f75f6fa6fba232 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js	ScriptElement	14 kB	2023-03-08	2025-05-06
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:39 Last Seen2025-05-06 00:28 Times Seen45 Hash 0e78b1db7d662e95ae8c3506146b080a 9f1675c87a306e4dd45f84d0b7ac484ae506245e 6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2 Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2	ScriptElement	4.6 kB	2023-03-07	2025-04-14
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-04-14 01:00 Times Seen304 Hash 3940eede2b6841663dddd9e946dec11e ccb59e18338a06a5f0168be0bd1677710f6d7bd4 b0fadf75681475e975bd2bdaceac6c08e8f5ef06f9a1c7fe9f3f7a571f5bc935 Loading...

	unknown	ScriptElement	116 B	2023-03-12	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:01 Last Seen2024-08-21 08:54 Times Seen22 Hash 4733472fadbcf993b031e917e8c1a8bb 25a0a1bbaaefc39004ab2d28cfa0291c2920c8d3 2d901063b6ea17df1dac8e5cdcdecd6359fe0c8613a456bfc1f3b15b03dd5143 Loading...

	nsw2u.com/sandbox%20eval%20code		128 B	2023-05-06	2025-05-09
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-09 08:24 Times Seen24342 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f	ScriptElement	77 kB	2023-09-22	2024-08-21
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 00:36 Last Seen2024-08-21 06:08 Times Seen48 Hash 3c7e73dd02f57abb6fec8fadea6e35b0 dfec9a1a86ae00e26c0067bd8c8b7ea4860239c8 d4e76d642b11df90fe1e33c420b70c975a23eebc7aea1416a272439ea9903019 Loading...

	www.googletagmanager.com/gtag/js?id=UA-262573192-2	ScriptElement	189 kB	2023-09-23	2023-09-23
Pretty URL www.googletagmanager.com/gtag/js?id=UA-262573192-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2023-09-23 16:46 Times Seen1 Hash 645c3e87efb4297ad65e6b37fcb15196 539efee3bb65e94cb33fbd625168a2bd4376c721 82869ad616b8e15bf73ce0429654d2aafc41bbd1fc5b84a16deb64a5ddaf8c8b Loading...

	definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js	ScriptElement	30 kB	2023-09-23	2023-09-23
Pretty URL definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2023-09-23 16:46 Times Seen1 Hash 68b810f661805d8a37a688a72d0cb4eb 8ef9783792ad05e65aa034eda1bbb8c5dbde8e66 fa71fe052d81973ce21c6296fb0112e42346add49046ac2fb6c3eb0420ddc971 Loading...

	phenomenonwhilstsleek.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js	ScriptElement	43 kB	2023-09-23	2023-09-23
Pretty URL phenomenonwhilstsleek.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2023-09-23 16:46 Times Seen1 Hash 9b5e5160d06c45a4eefa87b6df07d320 1fedb18fd356d9bdb3d8984ee367f41f74350023 8ce28068024c84c229c375ab5a0b261ca15e395efdf0240138f50ca43d9a92fe Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	ScriptElement	1.6 kB	2023-05-06	2025-05-09
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 142.250.74.98 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21 Last Seen2025-05-09 08:24 Times Seen24133 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js	ScriptElement	8.2 kB	2023-03-13	2025-05-09
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:32 Last Seen2025-05-09 08:19 Times Seen29734 Hash dda652db133fddb9b80a05c6d1b5c540 60c8514c57a5db2980c4b046b0dd479bd427357b c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4 Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/dist/hooks.min.js	ScriptElement	4.6 kB	2023-08-08	2025-05-09
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/dist/hooks.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:25 Last Seen2025-05-09 05:45 Times Seen14830 Hash 7bd48eb3bd568033e96caf0fb62e6690 b38066999294b99d92d95db5f38bc15707eb1f22 7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596 Loading...

	unknown	ScriptElement	1.4 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 49b3f64b4f889a37ecb37c40f0df314e 08faa50d615671c09239572d9923da1c0fd719e2 b733f3a3539da0049d24349704a123e6b9e2d29b9f4a5291d1b24d189220d103 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.30	ScriptElement	23 B	2023-03-08	2024-10-06
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.30 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-06 09:26 Times Seen26 Hash e509c98a0bcad0ce8e6248ac8eb31de1 ec5fe203df631088270b5f2b0b7a85498a2aeb8b 352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63 Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js	ScriptElement	16 kB	2023-07-22	2025-05-07
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 18:30 Last Seen2025-05-07 14:22 Times Seen9381 Hash 94dfdbe80f36b3be63ce74ff1135b996 5e05077d99e736af42b2da70e428e7f7df556dd4 4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032 Loading...

	nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js	ScriptElement	2.8 kB	2023-06-26	2024-08-21
Pretty URL nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 20:11 Last Seen2024-08-21 05:56 Times Seen8 Hash 351390b839bf683126e78afb44004636 5631ca683d75c60eb3dba2bed734716accbe5426 f9a6294ee0f29b05710d50c6f338bbf5465c1aa22a5d0a7a73e99bbe0845d4b0 Loading...

	unknown	ScriptElement	1.7 kB	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 05:56 Times Seen7 Hash 2fa2dec3b7dc63f6f484bc05c732b177 33fc22ce4ba19926b4317c9d27d02b5aa3be6d07 df44dc601860072657c4ba165bee686d1d1886431754f2263bbea5199e4fed6d Loading...

	intorterraon.com/tag.min.js	ScriptElement	80 kB	2023-09-19	2023-09-25
Pretty URL intorterraon.com/tag.min.js IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-19 15:45 Last Seen2023-09-25 15:53 Times Seen96 Hash a3b25ba8316f38d39cbf075d179aad71 9ee5f28a77d2bf3eaa59865c259e8d5c5d6cf272 311c51da9b45e9b6d879e703d48b0324b6921919659a430735032711fb7126cd Loading...

	unknown	ScriptElement	294 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 08:54 Times Seen12 Hash f73754c10536a2e729f6d06f9e7f191f f69f394a68fcebecbce2ada0f6f8a91ffc077790 06dc51e59503bfca6c59b6050f0dba624b14358f3644d81a3f6605f6586151f6 Loading...

	stats.wp.com/w.js?ver=202338	ScriptElement	11 kB	2023-05-15	2024-08-21
Pretty URL stats.wp.com/w.js?ver=202338 IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-15 15:42 Last Seen2024-08-21 09:42 Times Seen1419 Hash f6c87bc49e7646c7ccda489b9defc829 9003fc52b4c4014b4bd9fe2f4506440b299478b2 e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860 Loading...

	nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2	ScriptElement	68 kB	2023-03-13	2025-05-05
Pretty URL nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:31 Last Seen2025-05-05 15:56 Times Seen197 Hash 51480f0afb0a30743ae59a3455633c75 2b46f094cb87015fa342da2bf1767413ec5c92b5 108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428	ScriptElement	79 kB	2023-09-22	2023-11-28
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 00:36 Last Seen2023-11-28 22:45 Times Seen25 Hash 492b6d5195d2fbd9e612a20a9bd1a009 abd6a079460dc394397df83a9ea641ee03884c58 937ba827d294056f81fcab0e37e5769ca968072be205dcd7125fb61e5a7cdac9 Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js	ScriptElement	6.6 kB	2023-03-14	2025-05-07
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:30 Last Seen2025-05-07 14:22 Times Seen12765 Hash 9a4f28a615173df36cb84be2b345816e f709263841708d9e40268f24a0072ff4fe811b35 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6 Loading...

	unknown	ScriptElement	87 B	2023-03-07	2025-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-08 20:55 Times Seen6985 Hash bd5f648f4fa75f28b17faffe66049687 c9c2791b295684a919a2bfd7b7e2ef5aab3c178a 1a4ba4a340b3f30596d32c1b272ddcfdbf3ccb8e89c2fa917ea60469017aeee4 Loading...

	unknown	ScriptElement	531 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 07:44 Times Seen23 Hash 40821d4e91d3a31a9389e35229622915 f8ba7dd9ac6fb3e00dcb67c271e21618199a1d67 726951036f66a7e3da01b64e1bdfc15d9fcb04cc3428a4f62117eb72c4eb49f9 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 216.239.34.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 08:48 Times Seen340603 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/comment-reply.min.js	ScriptElement	3.0 kB	2023-03-07	2025-05-08
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/comment-reply.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-08 00:10 Times Seen18268 Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2 db36a77f6aaa2063bfbec02c2c0e967438c5a245 e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789 Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.30	ScriptElement	22 B	2023-03-08	2024-10-06
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.30 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-06 09:26 Times Seen26 Hash 41bd53fe0ee631d5cfd895e18a53291d 9d9d3c42c53ad7f906cb083a0d2d37afb4537764 dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40 Loading...

	unknown	EventHandler	90 B	2023-05-25	2025-05-04
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-25 07:37 Last Seen2025-05-04 05:46 Times Seen49 Hash 08fde8ea209fc5fc4fdb2a9c614edaf8 7b54ed7f80a3c3187c406e0c3d9ad247516a05fa ec939e7c2a87ddbb495dbe67a38c2291826a37c7c00e03f22ba7fb05d290349a Loading...

	unknown	ScriptElement	452 B	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 864257d1f517a8b26363cd9e5f52e6ff 98f822a0afbfc4c5a1d1bd24156bf842d5a7b209 36237722c29b340133dca547dfde6a1d96015964056bfe2118a80c2474707018 Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/dist/url.min.js	ScriptElement	9.1 kB	2023-08-08	2025-04-25
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/dist/url.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:54 Last Seen2025-04-25 07:15 Times Seen680 Hash 16e2e46b37590d0f0b095e0dc1aaaf87 11fd26f35df888a81534699194516b5178c217a4 68355abe687cffeeefe36bc69855523ab4745d0e753f7417138f9a41259cce71 Loading...

	c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery.min.js	ScriptElement	88 kB	2023-06-13	2025-05-07
Pretty URL c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-13 23:41 Last Seen2025-05-07 14:22 Times Seen26125 Hash ff04dd1ef5c67998d8652330c0441689 5e6ff5bd5240181a8bdea983837f39ac231dac4d 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164 Loading...

	nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206	ScriptElement	2.3 kB	2023-03-07	2025-05-06
Pretty URL nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39 Last Seen2025-05-06 00:28 Times Seen181 Hash c3a5b08af3e63049707797efe65eab86 f66ed251ef8c24614ff24376d472f2f394f7b93f d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500 Loading...

	nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js	ScriptElement	124 kB	2023-03-07	2025-05-06
Pretty URL nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57 Last Seen2025-05-06 00:28 Times Seen69 Hash 7ed39eb42c8c450b59a24bab9cfa7fae 7fdd3fee90709f703fac533b6061864fcd7ec206 35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1	ScriptElement	7.9 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1 IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-09 08:24 Times Seen5253 Hash 45bacd312d5098b4b59f563d8756c15d fa55e2cff078381e5365d95782a95a787d0b7192 3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b Loading...

	nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.30	ScriptElement	110 B	2023-03-08	2024-10-12
Pretty URL nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.30 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:02 Last Seen2024-10-12 13:50 Times Seen32 Hash b7d8aab20ec0137a23e4ff03411bd06c bd7e901bbf5968d13abb3dee762244715541bdfe 651cbb53c3e67a452582c597784a988f2ad5db132c709c279a23ad74b9917448 Loading...

	unknown	ScriptElement	197 B	2023-05-11	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 18:42 Last Seen2024-08-21 08:54 Times Seen4 Hash ed02acfe879cb8e096856ead26f5a58c 52450e636d93fb0b8f43fafaabd2717e335c2534 ec29641e01dee88fccbd2fdc296c8674ecc51f579f0970d6b82e64d07042197d Loading...

	nsw2u.com/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL nsw2u.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 08:48 Times Seen341404 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	ScriptElement	59 kB	2024-08-21	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 080564be89ebc339014547a64eeb155c 7a8f1f2c1da63ca5bcf2b6f350edc94096240a26 37d84170ec74462815f2763c799d80f7183c7a64bad8e84b6eb41334f41b4563 Loading...

	nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307	ScriptElement	7.6 kB	2023-09-23	2023-11-28
Pretty URL nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 IP 104.21.88.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 16:46 Last Seen2023-11-28 22:45 Times Seen29 Hash 70c183398322d73b50b8b4abece239a9 e79dec738456aa7882ffbaf481eb13849da7c227 969eb11be3a2271857373fe0e1424232f62f24ebc4cac8cd532c35d43634c046 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 76c8d726d70cedae020364bd72f5fb6f	6.3 kB	2024-08-21 05:56	2024-08-21 05:56
Pretty Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash 76c8d726d70cedae020364bd72f5fb6f 2e3b5304bfa057056002f26a2a66f820bc1910c5 f1b6a364b9816f5cf888d79f49754839bac0d89b1225712104e288c8c7cc17a9 Loading...

	#2 Eval - f17f4428de44cfe6761d2821fd00f316	2.1 kB	2024-08-21 05:56	2024-08-21 05:56
Pretty Observations First Seen2024-08-21 05:56 Last Seen2024-08-21 05:56 Times Seen1 Hash f17f4428de44cfe6761d2821fd00f316 fefb3357ab530f323814a4ed483ab2ba4a1f2cd3 e9edbb806e3aa68e2a8b7cbea49426c4303f4a980eff64aa276f98a4adefac26 Loading...

HTTP Transactions (90)

URL IP Response Size

nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

104.21.88.34

200 OK

16 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15671 bytes)
Hash
134fce13c189ed0e483a1bddb6406204
eed559ac52e9731c56a1fb03eb94fc82e551bb66
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

HTTP Headers

GET /wp-content/plugins/chp-ads-block-detector/assets/img/icon.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: image/png
content-length: 15671
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:29:33 GMT
cf-cache-status: HIT
age: 4966
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elsU8oEeLJezs6AjuN%2F4j5uDstwNWmev6TbR9s5%2BOL%2Bgl2YyN5DxrNmdqy753htbdhkmcaF8ghf9p5kRRyLZGYSenXfMFoV3YCn5vR2g0w7L74kzo1KTDQK3Dg0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b393466a4b56a9-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png

104.21.88.34

200 OK

95 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/images/ads.png
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /wp-content/plugins/ad-inserter/images/ads.png HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: image/png
content-length: 95
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:12 GMT
cf-cache-status: HIT
age: 4966
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=skJnmBXhbbU75%2FmvNyD1GSWfW4Lfs%2FUxeHHzzzlRGI%2FbyaLfzIi8g%2FftgNIaH1G0U1U0vlJuoFpFOWdaEkhfopgmlmxrLvOuwGARm06kiLok345g4pDII1VW4mA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b393466a4f56a9-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1

192.0.77.2

200 OK

2.8 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2836 bytes)
Hash
948c6dc3d3c1e2e9d315418f6eabe2bf
ed06ff1f0994f3be033f22d808241d3fcca9d1e8
3a2e29960ba6130c22ce96089a7592ae91b6a0d6a11595a10daaa9662522ad0b

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/nsw2u.png?w=216&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: image/webp
content-length: 2836
last-modified: Sat, 24 Sep 2022 18:25:42 GMT
expires: Tue, 24 Sep 2024 06:25:42 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/nsw2u.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0101732b85ce3bdc"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?resize=570%2C129&ssl=1

192.0.77.2

200 OK

7.1 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?resize=570%2C129&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.1 kB (7082 bytes)
Hash
2a19271a79ed86157e035261d50ce8b8
bdaaab52551234d79c3420c71d72bf2004010899
11230d9a5e6db15347e2b28947e0b3128c642bf897dab51e24ab411164b61c35

HTTP Headers

GET /images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?resize=570%2C129&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: image/webp
content-length: 7082
last-modified: Fri, 31 Mar 2023 21:36:25 GMT
expires: Mon, 31 Mar 2025 09:36:25 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png>; rel="canonical"
x-content-type-options: nosniff
etag: "bc97642a657da821"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/3.bp.blogspot.com/-uGuHvOGwN84/XB958e5mi7I/AAAAAAAAAsU/raHMsCkrwrU59Pg_RbncxgBG-rn2-i4sACLcBGAs/s1600/Onimusha%2BWarlords.jpg?w=640&ssl=1

192.0.77.2

302 Found

138 B

URL GET HTTP/2
i0.wp.com/3.bp.blogspot.com/-uGuHvOGwN84/XB958e5mi7I/AAAAAAAAAsU/raHMsCkrwrU59Pg_RbncxgBG-rn2-i4sACLcBGAs/s1600/Onimusha%2BWarlords.jpg?w=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /3.bp.blogspot.com/-uGuHvOGwN84/XB958e5mi7I/AAAAAAAAAsU/raHMsCkrwrU59Pg_RbncxgBG-rn2-i4sACLcBGAs/s1600/Onimusha%2BWarlords.jpg?w=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/html
content-length: 138
location: https://3.bp.blogspot.com/-uGuHvOGwN84/XB958e5mi7I/AAAAAAAAAsU/raHMsCkrwrU59Pg_RbncxgBG-rn2-i4sACLcBGAs/s1600/Onimusha+Warlords.jpg
x-nc: MISS arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8fe5097b12ddbaa7731f5c6d445db349
b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af
3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:46:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d01fcdf9d07d46c2f636f5d4761b4216
b0b5d955d4da1ad20192a71164d982626c4e723a
77273f261fedd69a83c6bd35f063e592e1aba013c76665a376d2e82a4793e052

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:46:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8fe5097b12ddbaa7731f5c6d445db349
b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af
3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:46:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.30

104.21.88.34

200 OK

23 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.30
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with no line terminators
Size
23 B (23 bytes)
Hash
e509c98a0bcad0ce8e6248ac8eb31de1
ec5fe203df631088270b5f2b0b7a85498a2aeb8b
352ea4dd2d545563bef7eb0ba6d6ebfe4bc9d9e51ab00d9c925cb9e103edee63

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/300x250.js?ver=2.7.30 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
content-length: 23
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=25
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 3466
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RzovX8D9sMYK%2FFm29OjAMzvAoULRmOIt9YjaVTOWJBb85CXp4RD9HCKKwiMD4e1gioHkjJWcWkMRqFlpuI%2ByGKDBP0JNh%2FDjpl4Piw%2F2N%2F741e8ji0l85G%2Flo4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b3934a2d5156a9-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.30

104.21.88.34

200 OK

22 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.30
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
41bd53fe0ee631d5cfd895e18a53291d
9d9d3c42c53ad7f906cb083a0d2d37afb4537764
dfb2e16986e257b608b45d14396378a8f2ac6a7321c0dc2f13c66a33ec8e4a40

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/banner.js?ver=2.7.30 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
content-length: 22
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=24
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 3466
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81XLdQcdesfP4PPqXpXHQY9nEzPGqJn95XPKpDT2sKE70WEaVVLBBBh5Eof6BMgm1xIpSRRhmKLa2ShRvEbiFIfbP4dY5ZdPPx4%2BNdS%2Fkc1V3vKRueRrbTEHF9s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b3934a3d5556a9-OSL
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.30

104.21.88.34

200 OK

21 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.30
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
169a5dd1261e0d434162d1af68acbbcd
c18d59ed069049b012a61a8e6b958bfb25bc1b71
82b3dabc6615507ef352f36aa08a805d409e883f8024fd01fda43175b6b67b38

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/sponsors.js?ver=2.7.30 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
content-length: 21
cache-control: public, max-age=16070400
cf-bgj: minify
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:14 GMT
cf-cache-status: HIT
age: 3466
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gazqmmCC6J5Lhh%2FTFx7inIsZ6b9Y13jC4ULViu43H9Cq6YA94n%2Fa7iBYDhPobLtkswpDnJJ4YbkqP%2BSvTNWNj%2BzyK%2BpWl0GaXNsbIfuNXQ%2BJfUD56EjJ6Cs7MH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b3934a3d5856a9-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1

104.17.24.14

200 OK

677 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1845)
Size
677 B (677 bytes)
Hash
f6a3dd4ecbf227acbafcff33d68dc71d
7421115ddcd5d436b89a1fd27e0cdce5a01978e6
30b2271be76ee2dd43122d0611f8aa498b9781f4cd03904ca12e12d2e91e9421

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/unveilhooks/ls.unveilhooks.min.js?ver=6.3.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 677
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b38-2a5"
last-modified: Thu, 22 Jun 2023 11:06:32 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1992573
expires: Thu, 12 Sep 2024 14:46:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=li0gww4NADvhEOaD0I410O4GVSozmAvlLSnETodNh77R17Pro9SKFLzabPFtesb4Qy0ASAldrky5fkRJ2lCQ0PGP8dul2lPZJ%2Fm9L7LH9xMkOj2Io4tY%2B7NhJH%2B4ckT5uXB0Z9j0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b3934b0bbe56ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1

104.17.24.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
45bacd312d5098b4b59f563d8756c15d
fa55e2cff078381e5365d95782a95a787d0b7192
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/lazysizes.min.js?ver=6.3.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942b38-c4e"
last-modified: Thu, 22 Jun 2023 11:06:32 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1995597
expires: Thu, 12 Sep 2024 14:46:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dn6jUVLI5WLzrNpBqMraFDc7ucrgfrfPb3FmPajWKFAjoZwhhqGhA8wR0uqcrPw0idFO89ExbC0YZLSz16Z5jDRWE1xqZ6vypsdaQBReV8hjV15xee%2B039E3sRr1fM9h5FUh2jwP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b3934b1bc256ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1

104.17.24.14

200 OK

1.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3036)
Size
1.1 kB (1101 bytes)
Hash
94279a9a0c4060a96efcf1da47716f86
ea88b3fd8b01a8b86edfd0f4120cc9a834893018
d41c6733a8c4a3a7f08204de8e3d60e1d2baf17dd7f675a26830fb1047fac40a

HTTP Headers

GET /ajax/libs/lazysizes/5.3.2/plugins/bgset/ls.bgset.min.js?ver=6.3.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 1101
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60641588-bf7"
last-modified: Wed, 31 Mar 2021 06:24:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 10001982
expires: Thu, 12 Sep 2024 14:46:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykBk3P42Tsrpi3H0w3NsldjojEgo9EEk0pQzBtXTgtzOvVcMP9xIVxFGNp1qEt3G80ZP9OE15HarPYNjKNteYHHayQ%2FQS9AKojikO29OOg2A8YdhsZrMtZaKu0lpR%2B36UoCb6iiw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 80b3934b2bce56ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3.bp.blogspot.com/-uGuHvOGwN84/XB958e5mi7I/AAAAAAAAAsU/raHMsCkrwrU59Pg_RbncxgBG-rn2-i4sACLcBGAs/s1600/Onimusha+Warlords.jpg

142.250.74.161

200 OK

10 kB

URL GET HTTP/2
3.bp.blogspot.com/-uGuHvOGwN84/XB958e5mi7I/AAAAAAAAAsU/raHMsCkrwrU59Pg_RbncxgBG-rn2-i4sACLcBGAs/s1600/Onimusha+Warlords.jpg
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint37:39:0F:F8:47:2E:23:CF:70:6A:2D:5A:34:A0:98:7E:C9:0F:5A:84
ValidityMon, 04 Sep 2023 08:22:52 GMT - Mon, 27 Nov 2023 08:22:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 176x286, components 3\012- data
Size
10 kB (10447 bytes)
Hash
092591a1d6497b028828b3d9230b02fa
3618d5ebec72873f234aec4e7e01d92ff942b22c
69a53db024ae7f995fc505e6253033c2c3e7b580dc2820a473af4e6e47978324

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /-uGuHvOGwN84/XB958e5mi7I/AAAAAAAAAsU/raHMsCkrwrU59Pg_RbncxgBG-rn2-i4sACLcBGAs/s1600/Onimusha+Warlords.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
etag: "v2c6"
expires: Sun, 24 Sep 2023 14:46:07 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Onimusha Warlords.jpg"
x-content-type-options: nosniff
date: Sat, 23 Sep 2023 14:46:07 GMT
server: fife
content-length: 10447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

104.21.88.34

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/posterpro/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/font-woff2
content-length: 77160
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
cf-cache-status: HIT
age: 4964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rOuPJAmVAs59g%2BBBhBkAyARaWAKS6pgWheFNbn9DbIAJ%2FaU7wvrauMiK3WyC51C5FMMPVI5EKPLjo2isvaLKyP%2FZA6rPKqPEHKQgSLWDt3xs6Pjk904oZ2lCJgw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b3934b7e8156a9-OSL
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js

192.0.77.37

200 OK

2.9 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (6607), with no line terminators
Size
2.9 kB (2870 bytes)
Hash
9a4f28a615173df36cb84be2b345816e
f709263841708d9e40268f24a0072ff4fe811b35
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

HTTP Headers

GET /c/6.3.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js

104.21.88.34

200 OK

8.1 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text
Size
8.1 kB (8114 bytes)
Hash
88a56359f7dffbc40097f556c77d1f65
210854a30f42d58ad49d667bf3bcd910390a433d
6c8a7107087922232346d20de5afe9fd50136ffea11bdfd14cb483f7d7909061

HTTP Headers

GET /wp-content/cache/wpfc-minified/7jrap5ys/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4912
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2Fw78sUgSup4haj43odNU1v5%2B0VGvzGrUU7m%2BWcTWH0%2Bh4FNg5EOqfVTVKmBZSFPjG29U3wkqamJvNjOm27QwaGVN%2BOR5Qr8N3fabfcPWH8shhBBuy%2BJzCTWnHg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934b7e8056a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d01fcdf9d07d46c2f636f5d4761b4216
b0b5d955d4da1ad20192a71164d982626c4e723a
77273f261fedd69a83c6bd35f063e592e1aba013c76665a376d2e82a4793e052

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:46:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-262573192-2

142.250.74.168

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-262573192-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
ValidityMon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68965 bytes)
Hash
645c3e87efb4297ad65e6b37fcb15196
539efee3bb65e94cb33fbd625168a2bd4376c721
82869ad616b8e15bf73ce0429654d2aafc41bbd1fc5b84a16deb64a5ddaf8c8b

HTTP Headers

GET /gtag/js?id=UA-262573192-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:46:08 GMT
expires: Sat, 23 Sep 2023 14:46:08 GMT
cache-control: private, max-age=900
last-modified: Sat, 23 Sep 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68965
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
94111c3420bb2c6a13c84437834119c2
a60b1aaa235c754b4f840e14e5c32f3bd1920d3b
9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:46:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

374 B

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
374 B (374 bytes)
Hash
43df8a9873aa31bb000672a677ac1640
4c1bcd8c3a797217d375df16b4bcab2d6a2763a3
d865b1c06cbff014e7c47cf5afb4332de4c95a537f86074e001b577c50aef07d

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:08 GMT
content-type: image/webp
content-length: 374
last-modified: Sat, 24 Sep 2022 18:25:44 GMT
expires: Tue, 24 Sep 2024 06:25:44 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9a9a255d155ea6c0"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1

192.0.77.2

200 OK

2.6 kB

URL GET HTTP/2
i0.wp.com/nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2568 bytes)
Hash
513677192f138c2aba3a3847c320f723
7ce5b67d80a2c2dedf8685b08547bcc8bf012f99
d60495bc835271423ec6445708aceb3a068ed6f2ebfd796a86c9f9e134ca1788

HTTP Headers

GET /nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png?fit=192%2C192&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:08 GMT
content-type: image/webp
content-length: 2568
last-modified: Sat, 24 Sep 2022 18:28:57 GMT
expires: Tue, 24 Sep 2024 06:28:57 GMT
cache-control: public, max-age=63115200
link: <https://nsw2u.com/wp-content/uploads/2022/07/cropped-nintendo-switch-logo.png>; rel="canonical"
x-content-type-options: nosniff
etag: "deb437b05941c6de"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js

192.0.77.37

200 OK

26 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (13479)
Size
26 kB (25673 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /c/6.3.1/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c

142.250.74.168

200 OK

81 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
ValidityMon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT

File type
ASCII text, with very long lines (5788)
Size
81 kB (81272 bytes)
Hash
c642d753bc292d1917d82a7dfd96a288
3c5d0b7b062283c52e8f56d8c7d15608091529bb
0a92c971ebb59e60255d8a2b4dc23ae99bcf9d163c33ef6a2c5ccd4a79c1563c

HTTP Headers

GET /gtag/js?id=G-V5K7GYT3S4&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:46:08 GMT
expires: Sat, 23 Sep 2023 14:46:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81272
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c

142.250.74.168

200 OK

77 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
ValidityMon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT

File type
ASCII text, with very long lines (4179)
Size
77 kB (77364 bytes)
Hash
94a1f1217aa742cf3e5102c272561c3f
93a910b1fe1e0dd69a3f9647d5d7de4fa6574b99
76d6676bd598492d6157f2d0ede1d3c5e9486faa353ed3c51f6394616c62a0df

HTTP Headers

GET /gtag/js?id=G-HS5Y0K7QPG&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:46:08 GMT
expires: Sat, 23 Sep 2023 14:46:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77364
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js

173.233.137.36

200 OK

11 kB

URL GET HTTP/1.1
definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
IP
173.233.137.36:443
ASN
#7979 SERVERS-COM

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectdefinedbootnervous.com
FingerprintFE:CF:3A:96:3E:47:C4:AA:55:62:56:91:23:16:FC:0A:94:CC:D9:DC
ValidityTue, 19 Sep 2023 06:24:07 GMT - Mon, 18 Dec 2023 06:24:06 GMT

File type
exported SGML document, ASCII text, with very long lines (29688), with no line terminators
Size
11 kB (10968 bytes)
Hash
68b810f661805d8a37a688a72d0cb4eb
8ef9783792ad05e65aa034eda1bbb8c5dbde8e66
fa71fe052d81973ce21c6296fb0112e42346add49046ac2fb6c3eb0420ddc971

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a45922fa4966955cecdffbdde5347ae5/invoke.js HTTP/1.1
Host: definedbootnervous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 14:46:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5b80cc6d68a949e718c49e54f5f06f92
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js

104.21.88.34

200 OK

1.5 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2729)
Size
1.5 kB (1483 bytes)
Hash
351390b839bf683126e78afb44004636
5631ca683d75c60eb3dba2bed734716accbe5426
f9a6294ee0f29b05710d50c6f338bbf5465c1aa22a5d0a7a73e99bbe0845d4b0

HTTP Headers

GET /wp-content/cache/wpfc-minified/6zu0bqmr/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFF6NJzOl2BpR6f8J1ZsuMhcBXLWrWoxitwuYhTntC6HAakWafwwYjYMHWTc%2B16pHZ%2Fnu2yefdnZOqtdRLJTkZfBjPa4SeMeDUe6fCjm37BV9FkM45Lt0HHNYqc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934abdf156a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

professionalswebcheck.com/stats

35.157.129.203

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
35.157.129.203:443
ASN
#16509 AMAZON-02

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
d5494714760002847f3cd17fa246f258
09819877e3ec052d201543efb9436c92416be4d8
4ebb5b5cddf5fbbacc90c358d306ac496bbb45703c4f238a6eb49678c97cbcb4

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:46:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nsw2u.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8:2:1; expires=Tue, 20 Sep 2033 14:46:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.19335734966835694

192.0.76.3

200 OK

50 B

URL GET HTTP/2
pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.19335734966835694
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.19335734966835694 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:09 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/onimusha-warlords-switch-xci-nsp

104.21.88.34

200 OK

0 B

URL User Request GET HTTP/2
nsw2u.com/onimusha-warlords-switch-xci-nsp
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /onimusha-warlords-switch-xci-nsp HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Cookie: _ga_HS5Y0K7QPG=GS1.1.1695480369.1.0.1695480369.0.0.0; _ga=GA1.1.1212437341.1695480369; _ga_V5K7GYT3S4=GS1.1.1695480369.1.0.1695480369.0.0.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:09 GMT
content-type: text/html
last-modified: Thu, 21 Sep 2023 03:46:49 GMT
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysmb0P32L6pAtBU4GoEnhGGhM9MkU28%2B5mAYFrufIan6Lld1xH4ULoOgillE0FM65QgfxBRfs%2B4IQmhHjluYl5n24Zzf2Sald3oEZALcWWZKOGIhkydgiPd%2BNYM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b39357490156a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/css/dist/block-library/style.min.css

192.0.77.37

200 OK

18 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/css/dist/block-library/style.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (53449)
Size
18 kB (17812 bytes)
Hash
03c0f2128c8dd615b1691c168f1d4456
defa44bed1f35ec899cfd358ca911390bca53e67
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

HTTP Headers

GET /c/6.3.1/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 19 Jul 2023 11:13:55 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js

104.21.88.34

200 OK

29 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.min.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (32024)
Size
29 kB (29435 bytes)
Hash
7ed39eb42c8c450b59a24bab9cfa7fae
7fdd3fee90709f703fac533b6061864fcd7ec206
35ddb1ce73a4ac4f4792b00c8b8c56cbf857910ada5e2a0183d898b01adc16bb

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTM6ch95QZNzEPMylhx7MxHhDeGmP1Y1kxhsOqjO7hTjwGIHsVCb56p6ngxh5MgdYkSru1OGO%2B7Gh13kRka%2FrMsnnFSjIhU4r1rSXezLTCstOtXPHNPRoIwwKb4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a6d9b56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

intorterraon.com/tag.min.js

139.45.197.239

200 OK

25 kB

URL GET HTTP/2
intorterraon.com/tag.min.js
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectintorterraon.com
FingerprintC5:B3:FC:72:6F:FC:98:10:F0:00:B8:2D:AB:AD:D5:E7:D6:E4:FC:8E
ValidityWed, 06 Sep 2023 05:05:59 GMT - Tue, 05 Dec 2023 05:05:58 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
25 kB (25218 bytes)
Hash
a3b25ba8316f38d39cbf075d179aad71
9ee5f28a77d2bf3eaa59865c259e8d5c5d6cf272
311c51da9b45e9b6d879e703d48b0324b6921919659a430735032711fb7126cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: intorterraon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: text/javascript; charset=utf-8
content-length: 25218
content-encoding: br
x-trace-id: ab6264c35c3a1d20e49aa59a100b5141
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Tue, 19 Sep 2023 12:02:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
aeafca61929af48f5ce5cc58fdaaed3c
f9c7530a7c334f9199f83a568fea5392ad41c8b9
a9b7cb4305b51e6964e793e0d5fb329c39c5cb8a1f7dafcc25b0074687abe954

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:46:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

phenomenonwhilstsleek.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js

192.243.61.227

200 OK

17 kB

URL GET HTTP/1.1
phenomenonwhilstsleek.com/ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectphenomenonwhilstsleek.com
Fingerprint2E:E7:36:3A:66:0A:C3:40:89:9B:5C:2A:AB:C7:4D:63:D6:BC:06:2D
ValidityThu, 14 Sep 2023 11:12:58 GMT - Wed, 13 Dec 2023 11:12:57 GMT

File type
ASCII text, with very long lines (42666), with no line terminators
Size
17 kB (17335 bytes)
Hash
9b5e5160d06c45a4eefa87b6df07d320
1fedb18fd356d9bdb3d8984ee367f41f74350023
8ce28068024c84c229c375ab5a0b261ca15e395efdf0240138f50ca43d9a92fe

HTTP Headers

GET /ed/6c/a5/ed6ca5eb8abc9a864ffa39115799b641.js HTTP/1.1
Host: phenomenonwhilstsleek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 14:46:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0bc37040a98dc11ca181433bf68bc111
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.98

200 OK

51 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.98:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint67:E1:F2:5D:6B:29:01:55:36:48:B9:44:27:87:2A:0A:C4:DD:B7:B7
ValidityMon, 04 Sep 2023 08:17:04 GMT - Mon, 27 Nov 2023 08:17:03 GMT

File type
ASCII text, with very long lines (3920)
Size
51 kB (50589 bytes)
Hash
cc99ab58b51f761e2c3caf3e7703c173
1d48492916cfde7b6b14ce83974b16f235a29c61
2093ed54a6c7be169252019f9c8e1d5004d121d0aa4d6506ebc4933f360a8a98

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:46:10 GMT
expires: Sat, 23 Sep 2023 14:46:10 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 7004583246619428186
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 50589
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

7.1 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.1 kB (7082 bytes)
Hash
2a19271a79ed86157e035261d50ce8b8
bdaaab52551234d79c3420c71d72bf2004010899
11230d9a5e6db15347e2b28947e0b3128c642bf897dab51e24ab411164b61c35

HTTP Headers

GET /images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: image/webp
content-length: 7082
last-modified: Sat, 26 Aug 2023 13:56:19 GMT
expires: Tue, 26 Aug 2025 01:56:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0987e1961abf81c6"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=1280&resize=1280&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:57 GMT
expires: Tue, 18 Feb 2025 21:06:57 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "95d72d4081ab31e0"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
aeafca61929af48f5ce5cc58fdaaed3c
f9c7530a7c334f9199f83a568fea5392ad41c8b9
a9b7cb4305b51e6964e793e0d5fb329c39c5cb8a1f7dafcc25b0074687abe954

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:46:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

intorterraon.com/5/3812660/?oo=1&aab=1

139.45.197.239

200 OK

1.3 kB

URL GET HTTP/2
intorterraon.com/5/3812660/?oo=1&aab=1
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectintorterraon.com
FingerprintC5:B3:FC:72:6F:FC:98:10:F0:00:B8:2D:AB:AD:D5:E7:D6:E4:FC:8E
ValidityWed, 06 Sep 2023 05:05:59 GMT - Tue, 05 Dec 2023 05:05:58 GMT

File type
JSON data\012- , ASCII text, with very long lines (2758), with no line terminators
Size
1.3 kB (1334 bytes)
Hash
f22068f31a5b38398a83851eff921581
d4006727bb1e732112bb3d33bf08a1c7a2bfbba0
3001c88d6d65ac054074591b65ff7eccb119c0b808353cbd45d86b4490db24eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/3812660/?oo=1&aab=1 HTTP/1.1
Host: intorterraon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: application/json
x-trace-id: 3edfd463b36ddfc99e0453e4108e0372
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=5efd5bd0e45941a6ab0d2ea98278eef2; expires=Sun, 22 Sep 2024 14:46:10 GMT; path=/; secure; SameSite=None
oaidts=1695480370; expires=Sun, 22 Sep 2024 14:46:10 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=640&resize=640&ssl=1

192.0.77.2

200 OK

7.1 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=640&resize=640&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.1 kB (7082 bytes)
Hash
2a19271a79ed86157e035261d50ce8b8
bdaaab52551234d79c3420c71d72bf2004010899
11230d9a5e6db15347e2b28947e0b3128c642bf897dab51e24ab411164b61c35

HTTP Headers

GET /images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png?w=640&resize=640&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: image/webp
content-length: 7082
last-modified: Fri, 03 Feb 2023 10:54:45 GMT
expires: Sun, 02 Feb 2025 22:54:45 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1617183253/97cf8bb0/33890012.png>; rel="canonical"
x-content-type-options: nosniff
etag: "12f9ee5ca2c1fe61"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?w=500&resize=500&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: image/webp
content-length: 7712
last-modified: Sun, 19 Feb 2023 09:06:19 GMT
expires: Tue, 18 Feb 2025 21:06:19 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6b02d3dbdaa697a7"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=5efd5bd0e45941a6ab0d2ea98278eef2

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=5efd5bd0e45941a6ab0d2ea98278eef2
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintB4:02:64:AF:5C:AB:27:5B:1B:80:CF:C8:FF:EB:BF:43:29:C3:C5:C1
ValidityTue, 25 Jul 2023 06:29:27 GMT - Mon, 23 Oct 2023 06:29:26 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
ac6e6850eea335ef0c01ad43fb4571d0
080af5292f24e88448a768e8b9fdc6ab485b77be
a4317724afcf060531e0f1993b3e07da347aee0f63cecb4afea72a73101863f6

HTTP Headers

GET /gid.js?userId=5efd5bd0e45941a6ab0d2ea98278eef2 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nsw2u.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5efd5bd0e45941a6ab0d2ea98278eef2; expires=Sun, 22 Sep 2024 14:46:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2

104.21.88.34

200 OK

23 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
Unicode text, UTF-8 text, with very long lines (65506), with no line terminators
Size
23 kB (23357 bytes)
Hash
51480f0afb0a30743ae59a3455633c75
2b46f094cb87015fa342da2bf1767413ec5c92b5
108cd01e5eaa34e9942ca8af9f8fe70271d3a3a5028fa085c628c162c3706d2d

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-ajax-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ztJFsFgQTSr0VA3w%2Bj9C85yx4%2FiiZKgEnNeuZg2MOKWBgFZqzvhwIOUfWzgE5uQd8gLu8ZlmpbzSIoxq1vBLc7rsB318UxZqG0roAkZGJ8DWUXtidefc8oPjmM4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a4d6e56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.10

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintAA:0D:43:1A:D3:E4:C6:42:86:E6:B6:6B:B0:1E:22:41:C9:F8:8C:A9
ValidityThu, 27 Jul 2023 23:07:11 GMT - Wed, 25 Oct 2023 23:07:10 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Mon, 25 Sep 2023 14:46:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

banquetunarmedgrater.com/advertisers.js

172.64.110.37

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
172.64.110.37:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E
ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 26b3854fa0f56ff8bdf4833658bfcf51
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 23 Sep 2023 14:46:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5A%2FaEJXMFXQB%2BpWGA6AJDvFCuk82falh0CI92bV2qB7%2BkPNb9DAf7HXHnhCoxi5cXfnL6t85O7KEfF%2FCl4Df%2FMbl5yijr6sQsisqWOIsFF9qdjtVb9h7yqLEdP0BRkPqLWnT4wgvypEUZw8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b3935cee404197-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

secure.gravatar.com/avatar/fd9bb80680cb75e27d081d391d3ea217?s=45&d=monsterid&r=g

192.0.73.2

200 OK

1.8 kB

URL GET HTTP/2
secure.gravatar.com/avatar/fd9bb80680cb75e27d081d391d3ea217?s=45&d=monsterid&r=g
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 45x45, components 3\012- data
Size
1.8 kB (1843 bytes)
Hash
db4ebdf247fd0a5f2eb570191e32ae85
2614606e8c59199eb0c03820f11031fe123aec97
a9d238cd38b65fcaee1d0fc929462ac067052ec48243a7bb62ec2af59b761cc3

HTTP Headers

GET /avatar/fd9bb80680cb75e27d081d391d3ea217?s=45&d=monsterid&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: image/jpeg
content-length: 1843
last-modified: Mon, 12 Nov 2018 07:22:42 GMT
link: <https://www.gravatar.com/avatar/fd9bb80680cb75e27d081d391d3ea217?s=45&d=monsterid&r=g>; rel="canonical"
content-disposition: inline; filename="fd9bb80680cb75e27d081d391d3ea217.jpeg"
access-control-allow-origin: *
expires: Sat, 23 Sep 2023 14:51:10 GMT
cache-control: max-age=300
x-nc: HIT arn 2
accept-ranges: bytes
X-Firefox-Spdy: h2

secure.gravatar.com/avatar/d9e507fa9b3d58136f6df24af16c2afd?s=45&d=monsterid&r=g

192.0.73.2

200 OK

2.0 kB

URL GET HTTP/2
secure.gravatar.com/avatar/d9e507fa9b3d58136f6df24af16c2afd?s=45&d=monsterid&r=g
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
PNG image data, 45 x 45, 8-bit/color RGB, non-interlaced\012- data
Size
2.0 kB (2012 bytes)
Hash
4307bcaabef1bbddc806712ff489051c
8ea8b520f36b2a42723f33314de10ea7864af17b
5bb8d19333e2615286b49f2560a589c658b4f96ae150a07d15f0d50e142e93c7

HTTP Headers

GET /avatar/d9e507fa9b3d58136f6df24af16c2afd?s=45&d=monsterid&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: image/png
content-length: 2012
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://www.gravatar.com/avatar/d9e507fa9b3d58136f6df24af16c2afd?s=45&d=monsterid&r=g>; rel="canonical"
access-control-allow-origin: *
expires: Sat, 23 Sep 2023 14:51:10 GMT
cache-control: max-age=300
x-nc: HIT arn 2
accept-ranges: bytes
X-Firefox-Spdy: h2

lilacsloppy.com/pixel/purst?dl=0&th=0&sc=0&rs=3896&rd=3896&fd=640&bv=23.9.v.3&tmpl=70

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
lilacsloppy.com/pixel/purst?dl=0&th=0&sc=0&rs=3896&rd=3896&fd=640&bv=23.9.v.3&tmpl=70
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectlilacsloppy.com
Fingerprint61:42:8D:7F:1F:9E:5E:99:C6:26:9F:97:2E:54:59:AB:93:1B:0E:3A
ValidityThu, 14 Sep 2023 11:06:53 GMT - Wed, 13 Dec 2023 11:06:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3896&rd=3896&fd=640&bv=23.9.v.3&tmpl=70 HTTP/1.1
Host: lilacsloppy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 14:46:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

secure.gravatar.com/avatar/35a471329b0e28847a8652ac90f43bc5?s=45&d=monsterid&r=g

192.0.73.2

200 OK

2.0 kB

URL GET HTTP/2
secure.gravatar.com/avatar/35a471329b0e28847a8652ac90f43bc5?s=45&d=monsterid&r=g
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
PNG image data, 45 x 45, 8-bit/color RGB, non-interlaced\012- data
Size
2.0 kB (2016 bytes)
Hash
b2b544ac7ec982b1d216fc94fb0e14c1
672aec7c3a3834f1cf678868a9d404acb6a59157
5177f7848096834484e83da84afe7109111987dfe26dc18d10021aca93903ee1

HTTP Headers

GET /avatar/35a471329b0e28847a8652ac90f43bc5?s=45&d=monsterid&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:11 GMT
content-type: image/png
content-length: 2016
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://www.gravatar.com/avatar/35a471329b0e28847a8652ac90f43bc5?s=45&d=monsterid&r=g>; rel="canonical"
access-control-allow-origin: *
expires: Sat, 23 Sep 2023 14:51:11 GMT
cache-control: max-age=300
x-nc: MISS arn 2
accept-ranges: bytes
X-Firefox-Spdy: h2

secure.gravatar.com/avatar/1ff38993ac507a4bb21006ebec258fa9?s=45&d=monsterid&r=g

192.0.73.2

200 OK

1.9 kB

URL GET HTTP/2
secure.gravatar.com/avatar/1ff38993ac507a4bb21006ebec258fa9?s=45&d=monsterid&r=g
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
PNG image data, 45 x 45, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1857 bytes)
Hash
638d16f6a000dbdc94279b6595146c5b
c252c0ef4829e5a12ccee77b9dd33ef459d601d7
6949c71dd13f92785a2f4bdb5d872e8489302f538e07ed69e345374be82b2bb4

HTTP Headers

GET /avatar/1ff38993ac507a4bb21006ebec258fa9?s=45&d=monsterid&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:11 GMT
content-type: image/png
content-length: 1857
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://www.gravatar.com/avatar/1ff38993ac507a4bb21006ebec258fa9?s=45&d=monsterid&r=g>; rel="canonical"
access-control-allow-origin: *
expires: Sat, 23 Sep 2023 14:51:11 GMT
cache-control: max-age=300
x-nc: MISS arn 2
accept-ranges: bytes
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.1/wp-includes/js/dist/i18n.min.js

192.0.77.37

200 OK

9.4 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/dist/i18n.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (9729), with no line terminators
Size
9.4 kB (9445 bytes)
Hash
3597d2da73a2e3de74981fcc5ecbfce4
94f7e899ca4635c129e8285579b3f0e38cf19730
080a50955b97dc50d39c296cc22e8d02f07a3cfcc58d3127d93466e281514637

HTTP Headers

GET /c/6.3.1/wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 28 Jun 2023 20:08:46 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.4.8

104.21.88.34

200 OK

3.9 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.4.8
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (4076), with no line terminators
Size
3.9 kB (3949 bytes)
Hash
2541a2baf045e01159ee696c0811648d
b2263916a7fde84879fc3bda16095767ddf000f4
0548af9bb27732d955c46677c38cbffd67f7bcbdcf2d95797d395eefe44a6464

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.4.8 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 21:08:28 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3466
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yZ9mYxJvHl6Qx3ydj%2FDealp7y7SYabUfATWezJX%2BtY%2FOVF51Gp4hJpl%2FlrvoIsrBqL4IPgRrpPfiH2b4ALRCeCbBmNLFu3%2FpSonqpsPXdbeE5ke8VWY2Znok%2FkE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a4d7056a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js

104.21.88.34

200 OK

14 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/foundation/js/foundation.core.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text
Size
14 kB (13696 bytes)
Hash
0e78b1db7d662e95ae8c3506146b080a
9f1675c87a306e4dd45f84d0b7ac484ae506245e
6e79424f448b401656e2384514c9332a4baa6ab4d458ba048655e01f4b1c60f2

HTTP Headers

GET /wp-content/themes/posterpro/foundation/js/foundation.core.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sK8hczY%2F026DwyAR7PIyfbExV5%2Byv8XMz0HlQcrNaPRrwahcEtkgFrDQCjlUBZl2EsTOdwOaGOiCYu4hk2xt68TkCtXwvZ8IKE%2B8sjIcwctsS7qsJl%2BzPTRMqyU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a6d9c56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206

104.21.88.34

200 OK

2.3 kB

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/navigation.js?ver=20120206
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (2474), with no line terminators
Size
2.3 kB (2279 bytes)
Hash
2ea8be541e460acf6fcdc3c80a6d0ba8
49ae474a65aea7683fc0bc240d8188ab4439a8a3
51ef203dec6836fddecac912cb5b68f9e38378018a276975b4f927adc8de574d

HTTP Headers

GET /wp-content/themes/posterpro/js/navigation.js?ver=20120206 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teFTKu3NDXtG5FuKMPmcPYsl3gP470Hpb5SIm7NCq7oMG5etn6%2BNsG%2Fq1xLrEeqXvi0mbYvCFTh51vEz2XpJ488rgA9Wypjf6opik64EvsYCajrm4RykI1hOk6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a6d9e56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.google-analytics.com/analytics.js

216.239.34.178

200 OK

53 kB

URL GET HTTP/2
www.google-analytics.com/analytics.js
IP
216.239.34.178:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
ValidityMon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT

File type
ASCII text, with very long lines (2343)
Size
53 kB (52916 bytes)
Hash
575b5480531da4d14e7453e2016fe0bc
e5c5f3134fe29e60b591c87ea85951f0aea36ee1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20994
date: Sat, 23 Sep 2023 13:48:52 GMT
expires: Sat, 23 Sep 2023 15:48:52 GMT
cache-control: public, max-age=7200
age: 3436
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.4.8

104.21.88.34

200 OK

8.0 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.4.8
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (8246), with no line terminators
Size
8.0 kB (8005 bytes)
Hash
95e8541b1c7d8d1c6d971b8a1254f05e
a0a315f535cefee969c8f938ae9133beb051b51d
94d90d0cae68aae94246413284189ad0fd41bca226dcfc1d3394f25087df2ede

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/lazySizesConfig.js?ver=4.4.8 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 21:08:28 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3466
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbSpLLrocyxF%2Ba48HPpYnlt6RS4nE4NvAvnbcDtdZutMcjdtQNTav1ac%2BVmVWmmN3g%2FSGvC4ixRfXj7KSzKtDAlwC9X%2Bk6BlqEm5YXMCEz33mmd6s%2BmYNqnMjV0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a6d9856a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/js/dist/url.min.js

192.0.77.37

200 OK

9.1 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/dist/url.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (10357), with no line terminators
Size
9.1 kB (9079 bytes)
Hash
93d89333b0ea716b0dded414b6fd690e
bea26f3b7bf556a03bf81259459154e5728de2cb
acab68f8aa0636ce9058f6bf3d72d59dede88fb7111dd75532dcbd572ecb8722

HTTP Headers

GET /c/6.3.1/wp-includes/js/dist/url.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.1/wp-includes/js/comment-reply.min.js

192.0.77.37

200 OK

3.0 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/comment-reply.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (3056), with no line terminators
Size
3.0 kB (2981 bytes)
Hash
dc7f90d513295c29acc441fe114a2cab
ca9e5069d9afc4aa13ab2e152313dfb476e842ef
f87915c58d8c25473c726646b58d2fe0ba9a136987571e6c810aba3c67b4f74c

HTTP Headers

GET /c/6.3.1/wp-includes/js/comment-reply.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

stats.wp.com/w.js?ver=202338

192.0.76.3

200 OK

11 kB

URL GET HTTP/2
stats.wp.com/w.js?ver=202338
IP
192.0.76.3:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (10778), with no line terminators
Size
11 kB (10778 bytes)
Hash
f6c87bc49e7646c7ccda489b9defc829
9003fc52b4c4014b4bd9fe2f4506440b299478b2
e97d12898ebf1039197a2a1c2f87bfe3b56f93eca2bfe60a46a1053fab7ad860

HTTP Headers

GET /w.js?ver=202338 HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/10813-1684461103132.7104
content-encoding: br
expires: Mon, 16 Sep 2024 23:03:27 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

phenomenonwhilstsleek.com/watch.412815921388.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22onimusha%22%2C%22warlords%22%2C%22switch%22%2C%22xci%22%2C%22nsp%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&tz=0&dev=e&res=14.2079&uuid=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8%3A2%3A1&shu=2cf05f5bb4edee4edf2c86760803f79ad1157dcf96dd6baf1744a91be1d6870e076adbf2a2c6a0b9e041d630f2d9e09da2be400ba2f55a56b8f2ffba9a7713ed8c06f8d6c9093e2fdf262d6864295d5099268b836d4c18d48eb630449e&pst=1695480430&rmtc=t

192.243.61.227

200 OK

3.5 kB

URL GET HTTP/1.1
phenomenonwhilstsleek.com/watch.412815921388.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22onimusha%22%2C%22warlords%22%2C%22switch%22%2C%22xci%22%2C%22nsp%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&tz=0&dev=e&res=14.2079&uuid=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8%3A2%3A1&shu=2cf05f5bb4edee4edf2c86760803f79ad1157dcf96dd6baf1744a91be1d6870e076adbf2a2c6a0b9e041d630f2d9e09da2be400ba2f55a56b8f2ffba9a7713ed8c06f8d6c9093e2fdf262d6864295d5099268b836d4c18d48eb630449e&pst=1695480430&rmtc=t
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectphenomenonwhilstsleek.com
Fingerprint2E:E7:36:3A:66:0A:C3:40:89:9B:5C:2A:AB:C7:4D:63:D6:BC:06:2D
ValidityThu, 14 Sep 2023 11:12:58 GMT - Wed, 13 Dec 2023 11:12:57 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (3549), with no line terminators
Size
3.5 kB (3521 bytes)
Hash
7f7fbdbf43bc6b28f410f307120625c2
c73d861e5c0a022c963fe9e9366093e8ae6a351e
0ea1b3894e27d3ab51cfe6e779475cb3e68bd5e0f8aa5cee8cdc1a53793e842b

HTTP Headers

GET /watch.412815921388.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22onimusha%22%2C%22warlords%22%2C%22switch%22%2C%22xci%22%2C%22nsp%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&tz=0&dev=e&res=14.2079&uuid=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8%3A2%3A1&shu=2cf05f5bb4edee4edf2c86760803f79ad1157dcf96dd6baf1744a91be1d6870e076adbf2a2c6a0b9e041d630f2d9e09da2be400ba2f55a56b8f2ffba9a7713ed8c06f8d6c9093e2fdf262d6864295d5099268b836d4c18d48eb630449e&pst=1695480430&rmtc=t HTTP/1.1
Host: phenomenonwhilstsleek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
Referer: https://nsw2u.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19067264; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjkiOiIzYTIyNmE2NjQwYTY0NDZkYmM3Y2RjOTZlY2M2YjNlOCIsIjI4IjoiZWQ2Y2E1ZWI4YWJjOWE4NjRmZmEzOTExNTc5OWI2NDEifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vb25pbXVzaGEtd2FybG9yZHMtc3dpdGNoLXhjaS1uc3AifX0.CMCzfFoFg73qVWFmMIMWaZOGkZ9DEGHJoMHw9hs7IGs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 14:46:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8:2:1; expires=Sat, 30 Sep 2023 14:46:10 GMT; secure; SameSite=None
iprc1f4c9299744c5592224aec075a07af8f=3570421; expires=Sat, 23 Sep 2023 18:46:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 24 Sep 2023 14:46:10 GMT; secure; SameSite=None
uncs=1; expires=Sun, 24 Sep 2023 14:46:10 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sun, 24 Sep 2023 14:46:10 GMT; secure; SameSite=None
uncs32=1; expires=Sun, 24 Sep 2023 14:46:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8ac181bf6072e2e1d9a4f32245c08e1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843

104.21.88.34

200 OK

11 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text
Size
11 kB (10733 bytes)
Hash
94bc4228bb5941670e191e40a6bc44bd
ad06418894462185e7eecc1421310f552e1e5e36
5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527

HTTP Headers

GET /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694673843 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 14 Sep 2023 06:44:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1474
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFONc72xjDzAZ8I%2FREFsqHu9drDW3XkYzHOGy%2BGRBt4DF2vacgPWjysLBYV2s%2B3Zc7etksKY8%2FqWv2sfsr%2ByMnb4wUh1gPB94whlgSdD2docKAwTU8aAMLrpU%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a4d6856a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705

104.21.88.34

200 OK

36 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type

Size
36 kB (36458 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=ae1ab3cfcf7670b1d705 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Cookie: _ga_HS5Y0K7QPG=GS1.1.1695480369.1.0.1695480369.0.0.0; _ga=GA1.1.1212437341.1695480369; _ga_V5K7GYT3S4=GS1.1.1695480369.1.0.1695480369.0.0.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 20:46:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4965
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDBrRu9V9DtSb7H%2BkBq6awbUhL1iQ3lDqyleb3YfwC%2BfoDqCAZM2n73kmYGsyixcNaewXk1Hp7Iy1bz86m2TKPYJ0rRGpTmeHm26r9Wrng5YVUnRlQvfFihaGM8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b39358ba2d56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery.min.js

192.0.77.37

200 OK

88 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/jquery/jquery.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
88 kB (87482 bytes)
Hash
ff04dd1ef5c67998d8652330c0441689
5e6ff5bd5240181a8bdea983837f39ac231dac4d
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

HTTP Headers

GET /c/6.3.1/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 26 May 2023 11:33:35 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/p/jetpack/12.6/css/jetpack.css

192.0.77.37

200 OK

100 kB

URL GET HTTP/2
c0.wp.com/p/jetpack/12.6/css/jetpack.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
100 kB (100132 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/jetpack/12.6/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 11 Sep 2023 22:30:19 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

104.21.88.34

200 OK

12 kB

URL GET HTTP/3
nsw2u.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (12331)
Size
12 kB (12332 bytes)
Hash
88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
last-modified: Wed, 20 Sep 2023 08:17:07 GMT
etag: W/"650aaa83-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6RTe2oKcpgQoJ7ybNZbO4RWCfV66DFsfxu3IjC5y1cBru2SupZ0%2Fda0wdkOIetHDhfS2Q7Gi4nrz1UyFMqO6EnWfzmRH%2BvZeEHkeTWvZOOyZr28Tb0gFixaOw4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b393469a6956a9-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 25 Sep 2023 14:46:07 GMT
cache-control: max-age=172800, public
content-encoding: gzip

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307

104.21.88.34

200 OK

7.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (7804), with no line terminators
Size
7.6 kB (7553 bytes)
Hash
9c77b566bd54b44feb40dae5abb672fd
4800962e6abb9f034197101fd654cd8f89e40e51
4fa5b8f79358bd73eafe22ac4a73531acbbed4b61f646d001d8636f27c4b2b07

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=0aa4f53ecbe8911b5307 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 20:46:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4tLB90hSMveCNoljTaOEuz6%2B3A1J%2FcexYxqmCgTWyL1Q9eV1ck7zj6CKOSZuW7n06GNpaldBzMX2Z%2BGue718fFvnTXuu8trjnpnC6Lm2HEdyF3dMxaMnyv90GY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a6d9f56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js

192.0.77.37

200 OK

16 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type

Size
16 kB (16146 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

addresseepaper.com/sfp.js

0.0.0.0

0 B

URL GET
addresseepaper.com/sfp.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css

104.21.88.34

200 OK

8.1 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (8145), with no line terminators
Size
8.1 kB (8143 bytes)
Hash
734068ce5268bc23a7506f3e9e9f5d41
acf53910826dc6702a5fb8f2bf6aab44b17f4886
2dd5b45b7df3d954548b70324f5730bf593bcdab6dac3632cc19ac119e8912a8

HTTP Headers

GET /wp-content/cache/wpfc-minified/q8eepl4d/dmlqt.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:56:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4964
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=roup2S6ET5TH3n4PVZQztCJfzRaXzrBKJKfVg5C38vFd4PP2msWMhCjm%2BxpBGjgKO8iYvDm0DuJdkjlR4g47mG7Gvhz2PcdNaT%2B9mLqzZxOohsmY8jZOAdLX0ik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b393466a4e56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

intorterraon.com/?rb=AT3Fjepe2JkzPzuPFH3e7C7dab2mD0hkD5f1DpoTDw-fXy4Mtrjw5ei2Odo2jhbX1vmGeW6qOOmXMEWe8jVCgeLXgzwD3EK1g6ok-e3SlDJQBisMagmTWJODJeSb4pQg6XSTW-2L9K2TIyAVb5XCP6leYkEFQRCdqAfsZ5QuB2njB83UO40I110kKMh7lMYh0qrGSFCkAVBnznEsvjcgGA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.601.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.601.0&bs=e968f84a-54be-4f9f-a39c-5a0fa8ea0edb&userId=5efd5bd0e45941a6ab0d2ea98278eef2&m=link

139.45.197.239

200 OK

1.7 kB

URL GET HTTP/2
intorterraon.com/?rb=AT3Fjepe2JkzPzuPFH3e7C7dab2mD0hkD5f1DpoTDw-fXy4Mtrjw5ei2Odo2jhbX1vmGeW6qOOmXMEWe8jVCgeLXgzwD3EK1g6ok-e3SlDJQBisMagmTWJODJeSb4pQg6XSTW-2L9K2TIyAVb5XCP6leYkEFQRCdqAfsZ5QuB2njB83UO40I110kKMh7lMYh0qrGSFCkAVBnznEsvjcgGA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.601.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.601.0&bs=e968f84a-54be-4f9f-a39c-5a0fa8ea0edb&userId=5efd5bd0e45941a6ab0d2ea98278eef2&m=link
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectintorterraon.com
FingerprintC5:B3:FC:72:6F:FC:98:10:F0:00:B8:2D:AB:AD:D5:E7:D6:E4:FC:8E
ValidityWed, 06 Sep 2023 05:05:59 GMT - Tue, 05 Dec 2023 05:05:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1690), with no line terminators
Size
1.7 kB (1670 bytes)
Hash
aaf621761f22bd136c5643231985caec
279d38b497d55104742d799c2a0032f5e68db445
e3e3fe66f53a9a830bb206a5c9ef61d6c0cd5d7693174ff7422a2eb7f2874097

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=AT3Fjepe2JkzPzuPFH3e7C7dab2mD0hkD5f1DpoTDw-fXy4Mtrjw5ei2Odo2jhbX1vmGeW6qOOmXMEWe8jVCgeLXgzwD3EK1g6ok-e3SlDJQBisMagmTWJODJeSb4pQg6XSTW-2L9K2TIyAVb5XCP6leYkEFQRCdqAfsZ5QuB2njB83UO40I110kKMh7lMYh0qrGSFCkAVBnznEsvjcgGA%3D%3D&request_ab2=0&zoneid=3812660&js_build=iclick-v1.601.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=2&pl=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.601.0&bs=e968f84a-54be-4f9f-a39c-5a0fa8ea0edb&userId=5efd5bd0e45941a6ab0d2ea98278eef2&m=link HTTP/1.1
Host: intorterraon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nsw2u.com/
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Cookie: OAID=5efd5bd0e45941a6ab0d2ea98278eef2; oaidts=1695480370
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: application/json
x-trace-id: 4c208dea8f919008d58e3322570a2156
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nsw2u.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=5efd5bd0e45941a6ab0d2ea98278eef2; expires=Sun, 22 Sep 2024 14:46:10 GMT; path=/; secure; SameSite=None
oaidts=1695480370; expires=Sun, 22 Sep 2024 14:46:10 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 30 Sep 2023 14:46:10 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188

104.21.88.34

200 OK

701 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (727), with no line terminators
Size
701 B (701 bytes)
Hash
e8b1dbb3b1a9bc1b59010bd6f7035465
c9d0ec84d9184c72ea6335c67193d25a90e003af
18c991e1cdc15a5c427215cf20569d60a7aa9bc32f1f7a2382640782a6e5bfe7

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 20:46:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMhrjmiDYeSXtFQ4CReEq1ec0VvLlhuxsseMizSaKgtl1GjfAO%2F%2Fg9TUqtFXVhK%2FsFymUVSQbyCeQSbKdByLEC%2BC7R%2BcFzlFSgz%2BqZtR%2BFZxe2n1S4S71xQFg3s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a8dc556a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f

104.21.88.34

200 OK

77 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type

Size
77 kB (77230 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.defaultVendors.js?minify=false&ver=a812fafe63c2ca6c059f HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Cookie: _ga_HS5Y0K7QPG=GS1.1.1695480369.1.0.1695480369.0.0.0; _ga=GA1.1.1212437341.1695480369; _ga_V5K7GYT3S4=GS1.1.1695480369.1.0.1695480369.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 20:46:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4965
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GaDZvIqQXeu1e4PNqW2lSkZhhdILCQIwD%2FNcTjXbXJuq5VSDbsyI%2FvypZtNtQcrasT0sEhOZhCeiX6%2BR8hVu4kgfgm6KJi2arVC7vTJw2ecjZgh05eoO%2FqbaUoU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b39358aa2456a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115

104.21.88.34

200 OK

880 B

URL GET HTTP/3
nsw2u.com/wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (965), with no line terminators
Size
880 B (880 bytes)
Hash
fa7fe6b99dd294598a44154cb2f424b7
78a909d97e5dfeffa1e1311e2c7ad8633d768960
9600c505b5d0d438a661c90d7b6ef5c6098024ff4e16e58a3577d5d0c837237f

HTTP Headers

GET /wp-content/themes/posterpro/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:45:22 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00XNZ4GysAKpsG7vqDQhJCTsFWzRai3vEpSdoJIg6Er1ttxQUlXYfjkhUT4VWHYBWNC3sMiP%2BU%2Fdk6O6Sm452VJECxnyO71bdjIFBFD1LSocqPar7tUusBteWLs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a6d9d56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

192.0.77.37

200 OK

8.2 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8365), with no line terminators
Size
8.2 kB (8171 bytes)
Hash
08e6714eaf3cfe8f3c7839f22d90ba4e
94fdad68854d0d3482b877aef7ba7c2eb265c621
e424039d5a737a1bda8a5ded60919e5067085729310762eebb09c20e07d249c8

HTTP Headers

GET /c/6.3.1/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js

104.21.88.34

200 OK

6.2 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (6303), with no line terminators
Size
6.2 kB (6206 bytes)
Hash
f9853427f0beb8a283ac3cdabe910ad6
8fcd5776a89dbe61bde8c23df7abd40148d0a336
1d280a7d6bcd1ea74968f32131f53c6a7b39468f6d7f9a21543fef8525b405ca

HTTP Headers

GET /wp-content/cache/wpfc-minified/7kcuf8x0/5qz0r.js HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tpl5MsucgpQvIv8M0XQ5iAv5QHGeUUDt92RMLx6a5SztaUP4smxGPoUhP1KA3EUKGWYcblhBFM2zHFCQKNLjVwRXsA28NADPIhrvAyIIn%2FBpBOz7w%2Bp9Mi2ChHo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934acdfe56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

192.243.61.227

307 Temporary Redirect

3.5 kB

URL GET HTTP/1.1
phenomenonwhilstsleek.com/watch.412815921388.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22onimusha%22%2C%22warlords%22%2C%22switch%22%2C%22xci%22%2C%22nsp%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&tz=0&dev=e&res=14.2079&uuid=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8%3A2%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectphenomenonwhilstsleek.com
Fingerprint2E:E7:36:3A:66:0A:C3:40:89:9B:5C:2A:AB:C7:4D:63:D6:BC:06:2D
ValidityThu, 14 Sep 2023 11:12:58 GMT - Wed, 13 Dec 2023 11:12:57 GMT

File type

Size
3.5 kB (3521 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.412815921388.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22onimusha%22%2C%22warlords%22%2C%22switch%22%2C%22xci%22%2C%22nsp%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&tz=0&dev=e&res=14.2079&uuid=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8%3A2%3A1 HTTP/1.1
Host: phenomenonwhilstsleek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nsw2u.com
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 23 Sep 2023 14:46:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nsw2u.com
Access-Control-Allow-Origin: https://nsw2u.com
Access-Control-Allow-Credentials: true
Location: https://phenomenonwhilstsleek.com/watch.412815921388.js?key=a45922fa4966955cecdffbdde5347ae5&kw=%5B%22onimusha%22%2C%22warlords%22%2C%22switch%22%2C%22xci%22%2C%22nsp%22%2C%22nsw2u%22%2C%22com%22%5D&refer=https%3A%2F%2Fnsw2u.com%2Fonimusha-warlords-switch-xci-nsp&tz=0&dev=e&res=14.2079&uuid=cb2dcd3a-72c9-423f-b0e7-2dab6beaa4d8%3A2%3A1&shu=2cf05f5bb4edee4edf2c86760803f79ad1157dcf96dd6baf1744a91be1d6870e076adbf2a2c6a0b9e041d630f2d9e09da2be400ba2f55a56b8f2ffba9a7713ed8c06f8d6c9093e2fdf262d6864295d5099268b836d4c18d48eb630449e&pst=1695480430&rmtc=t
Set-Cookie: u_pl=19067264; expires=Sun, 24 Sep 2023 14:46:10 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTA2NzI2NCwiayI6ImE0NTkyMmZhNDk2Njk1NWNlY2RmZmJkZGU1MzQ3YWU1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDQ5ODA3LCJwaWQiOjE2MjY3OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoibWh2ZzFhbXRhIiwiY3BrcyI6eyAiMjkiOiIzYTIyNmE2NjQwYTY0NDZkYmM3Y2RjOTZlY2M2YjNlOCIsIjI4IjoiZWQ2Y2E1ZWI4YWJjOWE4NjRmZmEzOTExNTc5OWI2NDEifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9uc3cydS5jb20vb25pbXVzaGEtd2FybG9yZHMtc3dpdGNoLXhjaS1uc3AifX0.CMCzfFoFg73qVWFmMIMWaZOGkZ9DEGHJoMHw9hs7IGs; expires=Sat, 23 Sep 2023 14:47:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac030fbe2a218eec474821152e671de3
Strict-Transport-Security: max-age=0; includeSubdomains

nsw2u.com/wp-content/cache/wpfc-minified/12xngu3j/dmm48.css

104.21.88.34

200 OK

18 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/12xngu3j/dmm48.css
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (6818)
Size
18 kB (17923 bytes)
Hash
ff84606c6cdce3e678f6bc63e0b09b84
2825d845207ed38745aa7de04dd5ec92e61f81a6
73bffd10dc370f48dafba318497cc23abd1e8c9d0b1b3d81d60b378a105e0931

HTTP Headers

GET /wp-content/cache/wpfc-minified/12xngu3j/dmm48.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sun, 03 Sep 2023 08:59:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4912
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vjKDSx5QItWsz5Cx7y0%2FODxpWqWN%2FdUMR42jQG0cbJkG2WL45RlBXYzEDVhhgscE0gLXbI3%2BrpqxpVZRev7LDfI27sF5pmsLk%2BQ4C9NqfCXAX7a4slWmsl2rQeA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b393464a2256a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.30

104.21.88.34

200 OK

110 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.30
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with no line terminators
Size
110 B (110 bytes)
Hash
70cd599fb1a952f67216cc82829f9ada
74cfae7f053f69abf2dce9cb74c962a83b8ba8bf
1fa8347df53b4287898f910b10e189b287e5610aa9d6cd322fb53d487b37a56d

HTTP Headers

GET /wp-content/plugins/ad-inserter/js/ads.js?ver=2.7.30 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
cf-bgj: minify
cf-polished: origSize=112
expires: max-age=A10368000, public
last-modified: Fri, 22 Sep 2023 09:31:13 GMT
cf-cache-status: HIT
age: 3466
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uEwAtavav%2Bd30RL3sA4dzpt5VtF0diEiSxSHZ0hDqrGXCKO3CeYcaY985VZfyby%2F6hSRuitRCu%2FyOENh8YrkPv3JklRiUWlEI3ZxOfVJU8qQ%2FNb3czyVIRY9iA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b3934a4d6756a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/js/dist/hooks.min.js

192.0.77.37

200 OK

4.6 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/dist/hooks.min.js
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4704), with no line terminators
Size
4.6 kB (4627 bytes)
Hash
414c8462f6209b4905f767c8ba5c787d
a80b8b79908e6cdf11648f810e707a75c859cda3
007c3734a3f7737d74061ab5b96905dcb14ba1f88e7a6df55364b9d9573e3ce1

HTTP Headers

GET /c/6.3.1/wp-includes/js/dist/hooks.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2

104.21.88.34

200 OK

4.6 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (4857), with no line terminators
Size
4.6 kB (4591 bytes)
Hash
3c05b4818fda400788cc5c2f60d87ea4
01e544e8461be8bb14a13fb8be13cc1e8259858e
db8170cdde3c954a075a4c1cfe836be73fc450ee8a298978470ca6a110284a08

HTTP Headers

GET /wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.5.2 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Sat, 15 Jul 2023 09:31:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4963
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cWDzUtWRIRqNpKuScnFz1onEnYTtSuHGl3CUceHPVRbZ3iPP9l0vBB%2FF9UL72Q%2FLC2CtUMaQAL53UlR3ajawi1j9PmnRc7Lo9DOWBLEPDshtKbGL7WnUBPKcBnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934a6d9a56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mgnetu.com/js/full-page-script.js

188.114.96.1

200 OK

2.2 kB

URL GET HTTP/2
mgnetu.com/js/full-page-script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectmgnetu.com
Fingerprint21:B9:B9:0D:57:72:24:1E:26:FB:B7:EA:F5:93:18:FF:44:DC:2E:07
ValidityMon, 04 Sep 2023 14:28:34 GMT - Sun, 03 Dec 2023 14:28:33 GMT

File type
C source, ASCII text, with very long lines (2222), with no line terminators
Size
2.2 kB (2153 bytes)
Hash
0f0a8906d260aade1f7f26ef729fb8bb
bba38288d01f698353166ee9a17908d1bb622a79
0a439b87c4d18a47b47832a83e8ff521faf1ecc0e04c07992875da4761d53308

HTTP Headers

GET /js/full-page-script.js HTTP/1.1
Host: mgnetu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Thu, 28 Sep 2023 10:05:19 GMT
last-modified: Thu, 19 Dec 2019 15:37:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 189648
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IWkjhWdcz7dPK4NVQ4h6o8R621fh%2FqmDPoklZkW9CBA0%2B0SY6%2BB807tf96QYZ4sZefmI7tp4e3364iRosQUVXRqGHj%2BwPrDAB6HYzZoeWMmNu%2BMlXg2OPQdLbtzO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b3934b6d0256ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1

192.0.77.2

200 OK

7.7 kB

URL GET HTTP/2
i0.wp.com/images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 405x155, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.7 kB (7712 bytes)
Hash
1f2664d6059193e6c1a59ee7ef14d1a0
46542860abd849426ea23d66c601ff0888d735db
f685610012cd711cdf0f3f186e878030c152058d3705dd751d6048d480bc2621

HTTP Headers

GET /images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg?resize=405%2C155&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:08 GMT
content-type: image/webp
content-length: 7712
last-modified: Sat, 11 Jun 2022 22:08:00 GMT
expires: Tue, 11 Jun 2024 10:08:00 GMT
cache-control: public, max-age=63115200
link: <https://images.vfl.ru/ii/1588854988/40f4425a/30440747.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "416c01d7e07bbbbf"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

192.0.77.37

200 OK

4.2 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4186), with no line terminators
Size
4.2 kB (4186 bytes)
Hash
ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

HTTP Headers

GET /c/6.3.1/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css

104.21.88.34

200 OK

148 kB

URL GET HTTP/3
nsw2u.com/wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type

Size
148 kB (147784 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/cache/wpfc-minified/fhg2umku/5qz0r.css HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Tue, 29 Aug 2023 11:06:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4966
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6mRPBd0hPbyEVmPdJzWDgwh9m3oglAMh0oI0TDD4LVUvZ1%2BaAU3ZWEyxJKoQymt1SZ%2BrEo%2B4upZAYjkHy1OEvagrmuktIYV8Qapr0HpRaYM7qajo8CwZvQL9jk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b393464a2656a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.4.8

104.21.88.34

200 OK

399 B

URL GET HTTP/3
nsw2u.com/wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.4.8
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type
ASCII text, with very long lines (423), with no line terminators
Size
399 B (399 bytes)
Hash
ed94fa94e236140899a07d0bb24f233d
8e7f16eda1a41233d4d0f19264382b6222959b6c
2fb43730229e7993c5976889479bdd4488ce1cab9f939f11d7bba6e327c9a5df

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/css/lazyload.css?ver=4.4.8 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 21:08:28 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3467
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rOyON0jgOcgnYod63I5z5yfGHdTLBVGn%2BzDU%2BcKspco4VAcisdisxSYm54w8%2FP7GCT%2BTnhk4q3IaQxLlL5eepwA6pSIX%2FlX38lY3mw6FfST0srOVMsVNlbKYrgE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b393466a4c56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428

104.21.88.34

200 OK

79 kB

URL GET HTTP/3
nsw2u.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428
IP
104.21.88.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerLet's Encrypt
Subjectnsw2u.com
FingerprintB8:C7:69:30:12:0E:48:CE:2A:94:91:9B:6A:D7:C9:AA:80:04:46:EE
ValidityThu, 10 Aug 2023 01:30:58 GMT - Wed, 08 Nov 2023 01:30:57 GMT

File type

Size
79 kB (79073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=be4054ef01b79af42428 HTTP/1.1
Host: nsw2u.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Cookie: _ga_HS5Y0K7QPG=GS1.1.1695480369.1.0.1695480369.0.0.0; _ga=GA1.1.1212437341.1695480369; _ga_V5K7GYT3S4=GS1.1.1695480369.1.0.1695480369.0.0.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:46:10 GMT
content-type: application/javascript
cache-control: public, max-age=16070400
expires: max-age=A10368000, public
last-modified: Thu, 21 Sep 2023 20:46:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4965
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BoDW8T7Q8b7UxQRS582MOAzAIKOc3ZjrfDzUHGb%2FKuFbxSSC6z1nMFP5HtWCvSX4hUiI8xl5TQwAJPCxajdsADfcNrqhxpxi2rAEC%2BAOR6er%2B1PmmxHUA5E9upk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b39358ba2e56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

192.0.77.37

200 OK

11 kB

URL GET HTTP/2
c0.wp.com/c/6.3.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
192.0.77.37:443
ASN
#2635 AUTOMATTIC

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11256), with no line terminators
Size
11 kB (11256 bytes)
Hash
2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

HTTP Headers

GET /c/6.3.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:46:07 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sun, 22 Sep 2024 14:46:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.1

142.250.74.106

200 OK

8.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.1
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nsw2u.com/onimusha-warlords-switch-xci-nsp
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (8472), with no line terminators
Size
8.3 kB (8256 bytes)
Hash
3f5613f7160c3b6638dbbe32b93f8e97
62d3566bc0e2a74456c2bebb6d280be511402791
5d5d0961816e9953501ec925709e8c23de9e3add0dd57ccbc3f4402a0f53207c

HTTP Headers

GET /css?family=Open+Sans%3A100%2C300%2C400%2C700&ver=6.3.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nsw2u.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 23 Sep 2023 14:46:07 GMT
date: Sat, 23 Sep 2023 14:46:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (70)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL